Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

Virus On Windows

Discussion in 'Tech, Gadgets & Science Forum' started by Tanzania 1, Jan 14, 2008.

  1. Tanzania 1

    Tanzania 1 Senior Member

    #1
    Jan 14, 2008
    Joined: Oct 4, 2007
    Messages: 197
    Likes Received: 5
    Trophy Points: 0
    Warning on stealthy Windows virus

    Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts. In the last month, the malicious program has racked up about 5,000 victims - most of whom are in Europe.

    Many are falling victim via booby-trapped websites that use vulnerabilities in Microsoft's browser to install the attack code.

    Experts say the virus is dangerous because it buries itself deep inside Windows to avoid detection.

    Old tricks

    The malicious program is a type of virus known as a rootkit and it tries to overwrite part of a computer's hard drive called the Master Boot Record (MBR).

    This is where a computer looks when it is switched on for information about the operating system it will be running.

    "If you can control the MBR, you can control the operating system and therefore the computer it resides on," wrote Elia Florio on security company Symantec's blog.

    Mr Florio pointed out that many viruses dating from the days before Windows used the Master Boot Record to get a grip on a computer.

    Once installed the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.

    Most of these associated programs lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions.

    The Russian virus-writing group behind Mebroot is thought to have created the torpig family of viruses that are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information.

    Security firm iDefense said Mebroot was discovered in October but started to be used in a series of attacks in early December.

    Between 12 December and 7 January, iDefense detected more than 5,000 machines that had been infected with the program.

    Analysis of Mebroot has shown that it uses its hidden position on the MBR as a beachhead so it can re-install these associated programs if they are deleted by anti-virus software.

    Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running.

    Independent security firm GMER has produced a utility that will scan and remove the stealthy program.

    Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus.

    Source: BBC
     
  2. Richard

    Richard JF-Expert Member

    #2
    Jan 23, 2008
    Joined: Oct 23, 2006
    Messages: 6,862
    Likes Received: 2,378
    Trophy Points: 280
    Jambo muhimu ni kujua kila wakati kwamba Windows operating system ina security centre.

    Hii inapatikana baada ya kuingia "control panel" na pana sehemu mbili za ulinzi, "firewall" na "automatic updates".

    Vitu hivi viwili inashauriwa kuviweka on wakati wote ili operating system iwe inapokea patches kutoka "microsoft website" moja kwa moja computer ikiwa mtandaoni.

    Hii ni moja ya njia nzuri za kulinda operating system kama ya windows.
     
  3. M

    Mtu JF-Expert Member

    #3
    Jan 23, 2008
    Joined: Feb 10, 2007
    Messages: 472
    Likes Received: 4
    Trophy Points: 0
    mkuu kuna jamaa aliniambia kuwa nikiweka "automatic uptodate ON" naweza kuwa napokea virusi vingi.Kwa sasa iko Off.Sijui kweli?
     
  4. Richard

    Richard JF-Expert Member

    #4
    Jan 23, 2008
    Joined: Oct 23, 2006
    Messages: 6,862
    Likes Received: 2,378
    Trophy Points: 280
    Microsoft wana kitu kinaitwa "monthly security update cycle" ambapo wanakuwa wanatoa angalau update mbili, kwa hio unapata "updates automatically".

    Bila shaka kama utakuwa huna anti virus software ambayo nayo katika hio security center inaorodheshwa kama elements za ulinzi wa computer yako.

    Kwa hio itakuwa inasema Firewall- on,Automatic updates-on, na Anti-Virus-on.

    Vitu hivi vitatu vikiwa "on" basi uko safe.

    Ushauri wangu mwingine ni kwamba kama computer ni yako privately basi unaweza kuwa unakwenda website ya microsoft kwa kutype www.microsoft.com/xp na utakuta sehemu mbili ya Windows Updates na Office Updates na wewe chagua ya Windows Updates.

    Pia unaweza type www.microsoft.com/updates au windows vista kwa watumiao vista na hapo unapata updates incase hukuwa katika mtandao kwa siku mbili tatu.

    Lakini kama computer yako ni sehemu ya network kazini au mahala pengine basi mwambie "administrator" afanye mambo hapo kwani unaweza kuleta "conflict" katika "network".

    Nafikiri utanielewa.
     
Loading...